Expand Minimize

CryptMsgVerifyCountersignatureEncoded function

The CryptMsgVerifyCountersignatureEncoded function verifies a countersignature in terms of the SignerInfo structure (as defined by PKCS #7).

Syntax


BOOL WINAPI CryptMsgVerifyCountersignatureEncoded(
  _In_  HCRYPTPROV_LEGACY hCryptProv,
  _In_  DWORD dwEncodingType,
  _In_  PBYTE pbSignerInfo,
  _In_  DWORD cbSignerInfo,
  _In_  PBYTE pbSignerInfoCountersignature,
  _In_  DWORD cbSignerInfoCountersignature,
  _In_  PCERT_INFO pciCountersigner
);

Parameters

hCryptProv [in]

This parameter is not used and should be set to NULL.

Windows Server 2003 and Windows XP:  NULL or the handle of the cryptographic provider to use to hash the encryptedDigest field of pbSignerInfo.

This parameter's data type is HCRYPTPROV.

Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, pass NULL to cause the default RSA or DSS provider to be used.

dwEncodingType [in]

Specifies the encoding type used. Currently, only X509_ASN_ENCODING and PKCS_7_ASN_ENCODING are being used; however, additional encoding types may be added in the future. For either current encoding type, use: X509_ASN_ENCODING | PKCS_7_ASN_ENCODING.

pbSignerInfo [in]

A pointer to the encoded BLOB that contains the signer of the contents of a message to be countersigned.

cbSignerInfo [in]

Count, in bytes, of the encoded BLOB for the signer of the contents.

pbSignerInfoCountersignature [in]

A pointer to the encoded BLOB containing the countersigner information.

cbSignerInfoCountersignature [in]

Count, in bytes, of the encoded BLOB for the countersigner of the message.

pciCountersigner [in]

A pointer to a CERT_INFO that includes with the issuer and serial number of the countersigner. For more information, see Remarks.

Return value

If the function succeeds, the return value is nonzero (TRUE).

If the function fails, the return value is zero (FALSE). For extended error information, call GetLastError.

The following table lists the error codes most commonly returned by the GetLastError function.

Return codeDescription
CRYPT_E_AUTH_ATTR_MISSING

The message does not contain an expected authenticated attribute.

CRYPT_E_HASH_VALUE

The hash value is not correct.

CRYPT_E_UNEXPECTED_ENCODING

The message is not encoded as expected.

CRYPT_E_UNKNOWN_ALGO

The cryptographic algorithm is unknown.

E_INVALIDARG

One or more arguments are not valid.

E_OUTOFMEMORY

Ran out of memory.

 

Propagated errors from the following functions might be returned.

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.

Remarks

Countersigner verification is done using the PKCS #7 SIGNERINFO structure. The signature must contain the encrypted hash of the encryptedDigest field of pbSignerInfo.

The issuer and serial number of the countersigner must match the countersigner information from pbSignerInfoCountersignature. The only fields referenced from pciCountersigner are SerialNumber, Issuer, and SubjectPublicKeyInfo. The SubjectPublicKeyInfo is used to access the public key that is then used to encrypt the hash from the pciCountersigner so compare it with the hash from the pbSignerInfo.

Examples

For an example that uses this function, see Example C Program: Encoding and Decoding a CounterSigned Message.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Wincrypt.h

Library

Crypt32.lib

DLL

Crypt32.dll

See also

Low-level Message Functions
Simplified Message Functions
CryptMsgCountersign
CryptMsgCountersignEncoded

 

 

Community Additions

ADD
Show:
© 2014 Microsoft